Re: Re: [Snort-sigs] Oinkmaster questions

[Anthony Kim <Anthony.Kim () VWCREDIT COM>]

On Wed, Jun 11, 2003, Andreas Östling wrote:

> On Tuesday 10 June 2003 15.05, Philip Davidson wrote:
> > Yeah, I would like to see something that would check for updates against an
> > md5 checksum.  That would be pretty keen.
> >
> > Philip Davidson
>
> I don't really see how checking the md5 checksum would be much help
> in this case. Just because the tarball's md5 checksum matches, it doesn't
> really say anything whether its content will screw things up or not.

Yes obviously md5 checksum won't help you at all.  This is
orthogonal to the current discussion (Whether you should automate
rule update or not).  The point was, md5 checksum would have been
a nice addition to validate a download.  If it were possible to
obtain the md5 sum from a tertiary source as opposed to the same
source you retrieve the rule tarball from, and if you can trust
the tertiary source by consensus of other sources or by other
means, you can even obtain some measure of assurance your package
has not been tampered with.

Is it necessary, then, to GPG sign every rule package?  Are we at
that point yet?  I don't have the answers but rule package
integrity is certainly worthwhile discussion.



-------------------------------------------------------
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users